CN112334901A - Automated packetless network reachability analysis - Google Patents

Automated packetless network reachability analysis

Info

Publication number
CN112334901A
Authority
CN
China
Prior art keywords
network
ports
virtual
virtual network
computer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201980043063.6A
Other languages
English (en)
Chinese (zh)
Other versions
CN112334901B (zh)
Inventor
C·道奇
N·R·切鲁库
J·B·库克
T·卡萨伊·阿泽尼
W·J·库西克
S·麦克劳林
M·E·斯塔泽尔
B·瓦莱伊
吴轶文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Amazon Technologies Inc
Original Assignee
Amazon Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Amazon Technologies Inc
Priority to CN202410814063.4A (CN118656832A)
Publication of CN112334901A
Application granted
Publication of CN112334901B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0866 Checking the configuration
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12 Discovery or management of network topologies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/22 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/06 Generation of reports
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0272 Virtual private networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
CN201980043063.6A 2018-06-27 2019-06-26 Automated packetless network reachability analysis Active CN112334901B (zh)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410814063.4A CN118656832A (zh) 2018-06-27 2019-06-26 Automated packetless network reachability analysis

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/020,865 US11108805B2 (en) 2018-06-27 2018-06-27 Automated packetless network reachability analysis
US16/020,865 2018-06-27
PCT/US2019/039250 WO2020006084A1 (en) 2018-06-27 2019-06-26 Automated packetless network reachability analysis

Related Child Applications (1)

Application Number Title Priority Date Filing Date
CN202410814063.4A Division CN118656832A (zh) 2018-06-27 2019-06-26 Automated packetless network reachability analysis

Publications (2)

Publication Number Publication Date
CN112334901A (zh) 2021-02-05
CN112334901B (zh) 2024-07-12

Family

ID=67303518

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201980043063.6A Active CN112334901B (zh) 2018-06-27 2019-06-26 Automated packetless network reachability analysis
CN202410814063.4A Pending CN118656832A (zh) 2018-06-27 2019-06-26 Automated packetless network reachability analysis

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN202410814063.4A Pending CN118656832A (zh) 2018-06-27 2019-06-26 Automated packetless network reachability analysis

Country Status (6)

Country Link
US (3) US11108805B2 (ko)
EP (1) EP3814962A1 (ko)
JP (2) JP7189236B2 (ko)
KR (2) KR102545124B1 (ko)
CN (2) CN112334901B (ko)
WO (1) WO2020006084A1 (ko)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115801391A (zh) * 2022-11-14 2023-03-14 浪潮云信息技术股份公司 Method and system for managing cloud physical hosts using Openstack security groups

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10469324B2 (en) * 2016-11-22 2019-11-05 Amazon Technologies, Inc. Virtual network verification service
US11108805B2 (en) 2018-06-27 2021-08-31 Amazon Technologies, Inc. Automated packetless network reachability analysis
IL263958B (en) * 2018-12-25 2020-05-31 Hayman Meir A method and system for detecting vulnerability levels in devices operating in a given communication network
US11477110B2 (en) * 2019-04-05 2022-10-18 Google Llc Cloud network reachability analysis for virtual private clouds
CN111817907B (zh) * 2019-04-11 2022-12-30 华为技术有限公司 Reachability verification method and apparatus
US11442959B2 (en) * 2019-08-07 2022-09-13 Nutanix, Inc. System and method of time-based snapshot synchronization
CN111866124B (zh) * 2020-07-17 2022-06-24 北京金山云网络技术有限公司 Method, apparatus, server and machine-readable storage medium for accessing a web page
US12041031B2 (en) * 2020-08-03 2024-07-16 Cazena, Inc. Scalable security for SaaS data lakes
US11516088B1 (en) * 2021-10-28 2022-11-29 Microsoft Technology Licensing, Llc Network configuration verification in computing systems
US20240054228A1 (en) * 2022-08-10 2024-02-15 Wiz, Inc. Techniques for technology stack discovery using external exposure in cloud environments
CN115314419B (zh) * 2022-06-21 2023-05-16 清华大学 Adaptive connectivity analysis method, system, device and storage medium for cloud networks

Citations (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5892903A (en) * 1996-09-12 1999-04-06 Internet Security Systems, Inc. Method and apparatus for detecting and identifying security vulnerabilities in an open network computer communication system
CN1623140A (zh) * 2002-01-15 2005-06-01 福德斯通公司 System and method for network vulnerability detection and reporting
WO2006099303A1 (en) * 2005-03-11 2006-09-21 Tracesecurity, Inc. Integrated, rules-based security compliance and gateway system
US20120084862A1 (en) * 2008-10-29 2012-04-05 International Business Machines Corporation Detecting Malicious Use of Computer Resources by Tasks Running on a Computer System
CN102413012A (zh) * 2011-11-21 2012-04-11 上海交通大学 Automatic computer network connectivity analysis system
US20120216244A1 (en) * 2011-02-17 2012-08-23 Taasera, Inc. System and method for application attestation
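CN105094996A (zh) * 2015-07-21 2015-11-25 电子科技大学 Android system security enhancement method and system based on dynamic permission verification
CN105144633A (zh) * 2013-03-15 2015-12-09 亚马逊科技公司 Network traffic mapping and performance analysis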
US20160344772A1 (en) * 2015-05-22 2016-11-24 Brian Quentin Monahan Modelling network to assess security properties
CN106603507A (zh) * 2016-11-29 2017-04-26 哈尔滨安天科技股份有限公司 Method and system for automatically performing network security self-checks
US9710368B1 (en) * 2014-05-02 2017-07-18 Amazon Technologies, Inc. Inter-process communication automated testing framework
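CN107005544A (zh) * 2014-09-05 2017-08-01 卡特伯德网络股份有限公司 Systems and methods for network analysis and reporting
CN107347078A (zh) * 2017-08-30 2017-11-14 杭州安恒信息技术有限公司 Cloud-service-based method for security detection of operating system weak passwords
CN108011893A (zh) * 2017-12-26 2018-05-08 广东电网有限责任公司信息中心 Asset management system based on network asset information collection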
US20180145879A1 (en) * 2016-11-22 2018-05-24 Amazon Technologies, Inc. Virtual network verification service
CN108141380A (zh) * 2015-09-30 2018-06-08 亚马逊科技公司 Network-based resource configuration discovery service
CN108200106A (zh) * 2018-04-02 2018-06-22 浙江九州量子信息技术股份有限公司 Internet of Things security detection and protection method
US20190334949A1 (en) * 2017-01-11 2019-10-31 Mordechai GURI Protecting computing devices from a malicious process by exposing false information

Family Cites Families (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7047288B2 (en) 2000-01-07 2006-05-16 Securify, Inc. Automated generation of an english language representation of a formal network security policy specification
US7003562B2 (en) 2001-03-27 2006-02-21 Redseal Systems, Inc. Method and apparatus for network wide policy-based analysis of configurations of devices
WO2005101789A1 (en) 2004-04-14 2005-10-27 Gurunath Samir Kalekar A system for real-time network based vulnerability assessment of a host/device
US9083748B2 (en) 2004-12-16 2015-07-14 Hewlett-Packard Development Company, L.P. Modelling network to assess security properties
GB2424539A (en) 2005-03-22 2006-09-27 Hewlett Packard Development Co Modelling network to determine assess security properties
US8250654B1 (en) * 2005-01-27 2012-08-21 Science Applications International Corporation Systems and methods for implementing and scoring computer network defense exercises
US10015140B2 (en) * 2005-02-03 2018-07-03 International Business Machines Corporation Identifying additional firewall rules that may be needed
US8566269B2 (en) 2006-08-01 2013-10-22 George Mason Intellectual Properties, Inc. Interactive analysis of attack graphs using relational queries
WO2010019918A1 (en) 2008-08-15 2010-02-18 Qualys, Inc. System and method for performing remote security assessment of firewalled computer
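CN101699801B (zh) 2009-10-30 2011-09-28 孙喜明 Data transmission method and virtual peer-to-peer network system for transmitting data
CN102170457A (zh) 2010-02-26 2011-08-31 国际商业机器公司 Method and apparatus for providing services to multiple tenants of an application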
US9129086B2 (en) 2010-03-04 2015-09-08 International Business Machines Corporation Providing security services within a cloud computing environment
EP2605145A4 (en) * 2010-11-17 2017-08-16 Hitachi, Ltd. Method for finding communication devices connected to communication network, and management device
US8782762B2 (en) 2011-08-17 2014-07-15 International Business Machines Corporation Building data security in a networked computing environment
US8650291B2 (en) 2011-09-12 2014-02-11 International Business Machines Corporation Best practices analysis of zones and components in a network
US9426169B2 (en) * 2012-02-29 2016-08-23 Cytegic Ltd. System and method for cyber attacks analysis and decision support
US9923787B2 (en) 2012-04-27 2018-03-20 International Business Machines Corporation Network configuration predictive analytics engine
EP2852107B1 (en) 2012-06-21 2021-03-03 Huawei Technologies Co., Ltd. Packet processing method and apparatus
US9122510B2 (en) 2013-01-02 2015-09-01 International Business Machines Corporation Querying and managing computing resources in a networked computing environment
US9177250B2 (en) 2013-06-28 2015-11-03 Vmware, Inc. Method and system for determining configuration rules based on configurations of complex systems
US9276951B2 (en) 2013-08-23 2016-03-01 The Boeing Company System and method for discovering optimal network attack paths
US9838253B2 (en) 2014-04-10 2017-12-05 Fujitsu Limited Object-oriented network virtualization
CN104363159B (zh) 2014-07-02 2018-04-06 北京邮电大学 System and method for constructing open virtual networks based on software-defined networking
US9686162B2 (en) 2014-10-17 2017-06-20 International Business Machines Corporation Identifying configuration inconsistency in edge-based software defined networks (SDN)
JP6841228B2 (ja) * 2015-12-04 2021-03-10 日本電気株式会社 File information collection system, method and program
US11108805B2 (en) 2018-06-27 2021-08-31 Amazon Technologies, Inc. Automated packetless network reachability analysis
US11425157B2 (en) 2018-08-24 2022-08-23 California Institute Of Technology Model based methodology for translating high-level cyber threat descriptions into system-specific actionable defense tactics
US11483350B2 (en) 2019-03-29 2022-10-25 Amazon Technologies, Inc. Intent-based governance service

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张涛; 张勇; 宁戈; 陈钟: "Research and implementation of process privilege control technology based on SELinux mandatory access control", 信息网络安全, no. 12, 10 December 2015 (2015-12-10), pages 34 - 41 *

Also Published As

Publication number Publication date
KR102545124B1 (ko) 2023-06-20
CN112334901B (zh) 2024-07-12
US20210392157A1 (en) 2021-12-16
EP3814962A1 (en) 2021-05-05
KR20230091203A (ko) 2023-06-22
JP7189236B2 (ja) 2022-12-13
US20230262087A1 (en) 2023-08-17
US11108805B2 (en) 2021-08-31
KR20210022732A (ko) 2021-03-03
WO2020006084A1 (en) 2020-01-02
JP2023025160A (ja) 2023-02-21
CN118656832A (zh) 2024-09-17
US20200007569A1 (en) 2020-01-02
US11671442B2 (en) 2023-06-06
JP2021528749A (ja) 2021-10-21

Similar Documents

Publication Publication Date Title
CN112334901B (zh) Automated packetless network reachability analysis
US11095523B2 (en) Virtual network verification service
JP6731687B2 (ja) Automatic mitigation of electronic message-based security threats
EP3939231B1 (en) Intent-based governance service
US9762599B2 (en) Multi-node affinity-based examination for computer network security remediation
US11265292B1 (en) Graph based management of virtualized infrastructures
US20150347751A1 (en) System and method for monitoring data in a client environment
US9369478B2 (en) OWL-based intelligent security audit
JP6661809B2 (ja) Definition and execution of operational associations between configuration item classes in a managed network
US12067127B2 (en) Software vulnerability detection in managed networks
US11677768B2 (en) Apparatuses, methods, and computer program products for automatic improved network architecture generation
Mytilinakis Attack methods and defenses on Kubernetes

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant